Kicksecure ™

Download

On Computer USB Installation Intel / AMD64 ARM64 Raspberry Pi PPC64 Windows (VM) Mac Linux (VM) VirtualBox (VM) Qubes (VM) KVM (VM) Debian morph to Kicksecure More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Forum Best Practices Contribute

Support

Self Support First Policy Search Engines, Docs and AI Support (Limited) Reporting Bugs Contact (Restricted)

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

Sovereign Boot helps you control what your computer trusts during startup. Instead of relying on preinstalled vendor or third-party keys, it uses a guided wizard to let you enroll the keys you want, so only approved boot software can run.

Sovereign Boot is a concept and toolset for making early boot security easier to understand and control. It focuses on the part of startup that happens before your operating system loads, where a small amount of trusted software decides what is allowed to run next.

Most normal computers ship with UEFI Secure Boot enabled or available, using preinstalled vendor and third party verification keys. In practice, this can mean your system trusts software signed by parties you did not choose, and the owner may be expected to rely on the platform vendor's decisions about what is allowed to run. This is closely related to Deep Scan Restricted systems, where independent inspection and owner-controlled changes can be blocked by design.

Sovereign Boot aims to change that by using a provisioning wizard that guides you through creating a more user-controlled trust setup, based on what boot software you actually plan to use. This aligns with Deep Scan Ready, where the owner can independently verify the full boot chain instead of trusting the running system blindly, and where owner-approved boot software is permissible rather than restricted.

For background on why this matters for malware investigation and offline inspection, see Deep Scan Ready - Technical Implementation and Deep Scan Ready - Threat Model Differences.

This wiki page provides a high-level overview only. For the step-by-step instructions, supported hardware, and the current state of the project, see the upstream documentation and issue trackers linked below.

• https://docs.dasharo.com/projects/sovereign-boot-wizard/
• Sovereign Boot Wizard RC1 Demo
• Sovereign Boot related video
• https://github.com/3mdeb/verified-boot/pull/30
• https://github.com/Dasharo/dasharo-issues/milestone/86
• https://github.com/Dasharo/dasharo-issues/issues?q=is%3Aissue%20state%3Aopen%20label%3ASovereignBoot

History: Based on user-controlled verified boot UEFI Application, 3MDEB has written a specification.

Credits

This research has been supported by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place.

Author of the idea and motivation: Patrick Schleizer.

Design and technical support: Aaron Rainbolt.Dasharo, Sovereign Boot Provisioning Wizard, Credits

Kicksecure A secure by default operating system with the latest security research in place.

Dark mode

Follow us on social media

Supported by Power Up Privacy

Kicksecure is proudly supported until 2026 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012- 2026 ENCRYPTED SUPPORT LLC

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 14 year success story and maybe DONATE!